CN101329787A - Terminal device, secure device and application authentication system - Google Patents


Info

Publication number
CN101329787A
Authority
CN
China
Prior art keywords
secure device
application
application program
terminal device
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2008101441241A
Other languages
Chinese (zh)
Inventor
峰村淳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Holdings Corp
Original Assignee
Matsushita Electric Industrial Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co Ltd
Publication of CN101329787A

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F 7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F 7/08 Mechanisms actuated by coded identity card or credit card or other personal identification means
    • G07F 7/10 Mechanisms actuated by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like a personal identification number [PIN] or biometric data
    • G07F 7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q 20/34 Payment architectures, schemes or protocols using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q 20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q 20/355 Personalisation of cards for use
    • G06Q 20/3552 Downloading or loading of personalisation data
    • G06Q 20/357 Cards having a plurality of specified features
    • G06Q 20/38 Payment protocols; details thereof
    • G06Q 20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; review and approval of payers, e.g. check credit lines or negative lists
    • G06Q 20/409 Device specific authentication in transaction processing
    • G06Q 20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

The present invention provides an application authentication system in which a secure device can authenticate an application on a terminal device that has no secure area for concealing information. In this system a secure device 10, fitted to a terminal device 30 that has no such secure area, authenticates an application 31 stored in the terminal device: the secure device 10 authenticates an application running means 33 stored in a non-writable area 302 of the terminal device, and also authenticates the application on the basis of processing that the application running means applies to the application 31 when requesting access to the secure device. Because the terminal authentication performed by the secure device and the application authentication performed inside the terminal device are coupled, the secure device can authenticate an application running on a terminal device that has no secure information-concealing area.

Description

Application authentication system, secure device and terminal device
This application is a divisional application of the following patent application:
Application number: 200410006768.6
Filing date: 26 February 2004
Title of invention: Application authentication system, secure device and terminal device
Technical field
The present invention relates to an application authentication system in which a card application running on a secure device (an IC card or the like) can authenticate an application running on a terminal device (a mobile terminal device or the like). The invention also relates to the secure device and the terminal device themselves. In particular, the invention provides an application authentication system, a secure device and a terminal device that can carry out the authentication processing required when an application running on the terminal device uses the secure device.
Background technology
In recent years, secure devices that store information safely (IC cards and the like) have come to be used in a variety of applications (electronic commerce, access management, commuter passes and so on). In future such applications are expected to expand further through practical use of the mobile functions of portable terminals.
Fig. 8 shows schematically the various services that an application running on a mobile terminal device 30 can carry out while using the secure data stored in a secure device 10.
As described in non-patent document 1 ("Interface", March 2003, CQ Publishing Co., Ltd., pp. 82-90), an application running on the secure device (a card application) is written in a programming language such as Java (registered trademark) and loaded into the secure device. The card application authenticates an external application that needs to use the secure data stored in the secure device, and accepts commands from that application only after the card application has verified its security.
However, a conventional secure device has no means of authenticating an application that has been downloaded to a mobile terminal device. Consequently, such a downloaded application cannot use the data stored in the secure device.
The reason is as follows.
Usually, in authentication that identifies a person, one verifies whether the person knows some piece of information that only the genuine person could know; if so, the person is authenticated as genuine. Fig. 9 shows schematically what happens when this principle is applied to mutual authentication between the card application 11 of the secure device 10 and a terminal application 31 (assumed here to be a Java application written in the Java language) on the mobile terminal device 30. The secure device 10 has the function of holding private data, and can keep private information (keys and the like) in a tamper-resistant area built securely in hardware. Private information must likewise be handled securely in the mobile terminal device 30, so either the whole area 31 must be made tamper-resistant, or the area 31 must be authenticated by a tamper-resistant area 35 that holds the private information. Under that condition, if the card application 11 and the Java application 31 controlled by the OS (or VM, virtual machine) 32 of the mobile terminal device 30 can confirm, by exchanging information, that each holds the common private information, mutual authentication is established.
In practice, however, the mobile terminal device 30 has no area in which private information can be stored safely. The card application 11 therefore cannot perform mutual authentication based on shared private information, and so far a Java application 31 downloaded to the mobile terminal device 30 has been unable to use the data stored in the secure device.
Under these circumstances, when the secure device 10 fitted to the mobile terminal device 30 receives a service from a service providing server over a network, the service providing server, which authenticates mutually with the secure device 10, can use the data stored in the secure device 10, but the mobile terminal device 30 has so far played no role other than that of a pipe relaying the data. As a result, the system of Fig. 8, in which an application on the mobile terminal device 30 reads and writes data in the secure device 10 and performs more advanced processing such as calculation and display, could not be realised.
Summary of the invention
The present invention was made to overcome this problem of the prior art. Its object is to provide an application authentication system in which a secure device can authenticate an application on a terminal device that has no secure area for concealing information, and to provide the secure device and the terminal device that make up such a system.
Accordingly, the present invention provides an application authentication system in which a secure device, fixed to or removably connected to a terminal device that has no secure information-concealing area, authenticates an application stored in the terminal device. The secure device authenticates the application running means of the terminal device, and also authenticates the application on the basis of processing that the application running means applies to the application in order to request access to the secure device.
The present invention also provides a secure device, fixed to or removably connected to a terminal device, comprising a card manager that performs processing to authenticate the terminal device, and a card application that performs authentication processing for an access request from an application stored in the terminal device. The card application authenticates the application on the basis of processing applied to the application in the terminal device, confirms that the card manager has completed authentication of the terminal, and then accepts the access request of the authenticated application.
The present invention further provides a terminal device comprising an application running means and an application, in which, after the fitted secure device has authenticated the application running means, the application running means computes digest data of the application in order to request access to the secure device, authenticates the application using the digest data, and then sends the access request to the secure device.
As a result, because the terminal authentication performed by the secure device and the application authentication performed inside the terminal device are coupled together, the secure device can authenticate an application running on a terminal device that has no secure information-concealing area.
Description of drawings
Fig. 1 is a block diagram of the process of the application authentication system according to the first embodiment of the invention;
Fig. 2 is a block diagram of the configuration of the application authentication system according to the first embodiment of the invention;
Fig. 3 is a block diagram of the process of the application authentication system according to the second embodiment of the invention;
Fig. 4 is a block diagram of the configuration of the application authentication system according to the second embodiment of the invention;
Fig. 5 is a block diagram of the process of the application authentication system according to the third embodiment of the invention;
Fig. 6 is a block diagram of the configuration of the application authentication system according to the third embodiment of the invention;
Fig. 7 is a schematic diagram showing file access to a file-type secure device used in an embodiment of the invention;
Fig. 8 is a schematic diagram showing services that a mobile terminal device fitted with a secure device can carry out;
Fig. 9 is a block diagram showing the problem that arises when the secure device authenticates an application on the mobile terminal device.
In the drawings, reference numeral 10 denotes the secure device; 11 the card application; 13 the common library (card manager); 14 the signature verification route certificate; 15 the digest data; 30 the mobile terminal device; 31 the Java (registered trademark) application; 32 the OS; 33 the Java (registered trademark) runtime environment (JAM); 34 the electronic signature; 35 the private information storage area; 301 the user writable area; and 302 the non-writable area.
Embodiment
(first embodiment)
In the application authentication system according to the first embodiment of the invention, the card application of the secure device authenticates a terminal application running on the mobile terminal device by verifying whether the terminal application is a legitimate application. When the card application has confirmed that the terminal application is legitimate, it decides that the authentication processing has completed normally and then accepts the access request sent by the terminal application.
Fig. 2 shows schematically the secure device 10 and the mobile terminal device 30 that make up this system. The mobile terminal device 30 has a "non-writable area 302", in which information is written to ROM or flash memory at shipment and cannot be written afterwards, and a "user writable area 301", in which downloaded applications are written. A Java (registered trademark) application 31 carrying an electronic signature 34 is stored in the user writable area 301. The OS 32 and the Java runtime environment (JAM) 33, a computer program written in the Java language that runs the Java application 31, are stored in the non-writable area 302.
Here, the "non-writable area 302" means an area whose stored information cannot be rewritten by operation of the terminal device (for example by the application 31), by access from an external device (for example the card 10), or by similar means. Whether the area itself has a physical write-protection mechanism (for example ROM) is immaterial.
The electronic signature 34 on the Java application 31 is attached by the certification authority (CA) that certifies the legitimacy of the Java application 31. Digest data is generated by applying a hash operation to the Java application 31, and the electronic signature 34 is generated by encrypting that digest data with the key of the certification authority (CA).
In the mobile terminal device 30, terminal authentication information for performing mutual authentication with the secure device 10, and an application certificate of the certification authority (CA) containing the public key for verifying the electronic signature 34, are input to the JAM 33. (Here "input" means that the information may be embedded in the JAM 33 as code, or held as it is in a file.)
The secure device 10 has a common library (card manager) 13 that performs the authentication processing of the mobile terminal device 30, a card application 11 that performs the authentication processing of the Java application 31 running on the mobile terminal device 30, and a signature verification route certificate 14 used to verify the public key of the certification authority.
The secure device 10 also uses terminal authentication information to perform mutual authentication with the mobile terminal device 30; this terminal authentication information is input to the card manager 13. (Again, "input" means that the information may be embedded in the card manager 13 as code, or held as it is in a file.)
In the present invention the mobile terminal device 30 must be authenticated by the secure device 10, but the secure device 10 need not always be authenticated by the mobile terminal device 30. In the embodiments, "mutual authentication" is performed between the secure device 10 and the mobile terminal device 30, but mutual authentication is not essential: "one-way authentication", in which the secure device 10 authenticates the mobile terminal device 30, may be used instead.
In Fig. 1, arrows indicate the process required until the card application 11 of the secure device 10 authenticates the Java (registered trademark) application 31 running on the mobile terminal device 30.
When the secure device 10 is fitted to the mobile terminal device 30, the card manager 13 of the secure device 10 uses the terminal authentication information to perform mutual authentication with the JAM 33 of the mobile terminal device 30 (1). If mutual authentication is established, the card manager 13 sets a flag indicating success (the mutual-authentication-passed flag) in the secure device 10.
Various schemes for authenticating a terminal with a secure device are known, and any of them may be used in this system. For example, the secure device can authenticate the BIOS (Basic Input/Output System) using the TCPA (Trusted Computing Platform Alliance) scheme, the BIOS can then authenticate the OS, and the OS can then authenticate the Java runtime environment. If the mobile terminal device has a tamper-resistant SIM card or a secure LSI, a challenge-response scheme can be used. In short, any scheme may be used as long as it establishes that the terminal is legitimate; the invention does not depend on the particular authentication component used for a particular device.
When the JAM 33 of the mobile terminal device 30 has completed mutual authentication with the secure device 10, it enables the function for accessing the secure device 10, and the Java application 31 requests the JAM 33 for access to the secure device 10 (2-1). On accepting this request, the JAM 33 verifies the electronic signature 34 of the Java application 31 using the public key contained in the application certificate, thereby authenticating the Java application 31 (2-2).
The electronic signature 34 is verified by applying a hash operation to the data of the Java application 31 to generate digest data, and then comparing that digest data with the data obtained by decrypting the electronic signature 34 with the public key. If the two match, the JAM 33 can confirm that the Java application 31 is legitimate and that its data has not been tampered with.
After authenticating the Java application 31, the JAM 33 passes the generated digest data of the Java application 31 and the electronic signature 34 to the card application 11 of the secure device 10 (2-3). In response, the card application 11 decrypts the electronic signature 34 using the public key obtained from the signature verification route certificate 14 and verifies whether the result matches the digest data supplied by the JAM 33. Having authenticated the Java application 31, the JAM 33 executes the access request sent by the Java application 31 and transfers the command to the card application 11 (3). The card application 11, having successfully verified the digest data, confirms from the mutual-authentication-passed flag that device authentication by the card manager 13 has completed, and then accepts the command.
In this way, the secure device of the application authentication system authenticates the application running on the mobile terminal by confirming that it is a legitimate application. To reach this confirmation, in the first stage the legitimacy of the Java runtime environment (the application running means) stored in the non-writable area of the mobile terminal is confirmed. Once this confirmation has been obtained, the application running means cannot be rewritten, so its trustworthiness persists.
In the second stage, the application running means in the mobile terminal device, which has gained the trust of the secure device, authenticates the application using its electronic signature, and delivers the digest data and the electronic signature of the application to the secure device.
The secure device treats the digest data delivered by the application running means immediately after the running means generated it as authentic data, because the running means has gained its trust. In the third stage, the secure device verifies the digest data using the electronic signature.
If the result of this verification is normal, the secure device confirms that the application running on the terminal device is a legitimate application; this confirmation rests on the authentication processing of the first, second and third stages.
Thus this application authentication system lets the secure device authenticate an application on a terminal device that has no secure information-concealing area, on the basis of the series of authentications in the first, second and third stages.
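The three stages above, as an added runnable sketch in Python that is not part of the patent. Stage 1 is modelled as an HMAC challenge-response between card manager 13 and JAM 33 on a shared terminal authentication key, one of the terminal authentication schemes the description allows; the key, the message tags, the 16-byte challenge length and the sample APDU are assumptions. Stage 2 is the JAM's signature check and its hand-over of digest plus signature, and stage 3 is the card application's own signature check combined with the mutual-authentication-passed flag. The CA signature is textbook RSA over a SHA-256 digest on a toy key built from two Mersenne primes, which keeps the example free of third-party libraries but is not a secure key. Passing `route_cert_pub=None` reproduces the third embodiment, in which the card has no signature verification route certificate 14 and relies on the flag plus the JAM's result.

```python
import hashlib
import hmac
import secrets

# Toy CA key: textbook RSA over a SHA-256 digest, built from two Mersenne primes so
# the example needs no third-party library. Its factorisation is public, so it
# secures nothing; a real CA signs with RSA-PSS or ECDSA.
_P, _Q = (1 << 127) - 1, (1 << 521) - 1
CA_PUB = (_P * _Q, 65537)                        # (n, e) carried in the application certificate
_CA_D = pow(CA_PUB[1], -1, (_P - 1) * (_Q - 1))

def app_digest(app_bytes: bytes) -> bytes:
    """Digest data: hash operation applied to the application's bytes."""
    return hashlib.sha256(app_bytes).digest()

def ca_sign(app_bytes: bytes) -> int:
    """Electronic signature 34: the CA 'encrypts' the digest with its private key."""
    return pow(int.from_bytes(app_digest(app_bytes), "big"), _CA_D, CA_PUB[0])

def signature_matches(digest: bytes, signature: int, pub=CA_PUB) -> bool:
    """Decrypt the signature with the CA public key and compare it with the digest."""
    return pow(signature, pub[1], pub[0]) == int.from_bytes(digest, "big")

def _mac(key: bytes, tag: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, tag + challenge, "sha256").digest()

class SecureDevice:
    """Secure device 10: card manager 13 (stage 1) plus card application 11 (stage 3)."""
    def __init__(self, terminal_key: bytes, route_cert_pub=CA_PUB):
        self._terminal_key = terminal_key        # terminal authentication information (assumed shared)
        self._route_pub = route_cert_pub         # route certificate 14; None = third embodiment
        self.mutual_auth_flag = False            # "mutual authentication passed" flag
        self._app_ok, self._challenge = False, b""

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def external_authenticate(self, response: bytes, jam_challenge: bytes):
        """Card manager 13: check the JAM's response, set the flag, answer its challenge."""
        if not hmac.compare_digest(_mac(self._terminal_key, b"JAM>card", self._challenge), response):
            return None
        self.mutual_auth_flag = True
        return _mac(self._terminal_key, b"card>JAM", jam_challenge)

    def present_application(self, digest: bytes, signature: int) -> bool:
        """Step (2-3): re-verify the signature; without route certificate 14 trust the JAM."""
        self._app_ok = self._route_pub is None or signature_matches(digest, signature, self._route_pub)
        return self._app_ok

    def command(self, apdu: bytes) -> str:
        """Step (3): a command is accepted only when both checks hold."""
        if not self.mutual_auth_flag:
            return "REJECTED: terminal not authenticated"
        if not self._app_ok:
            return "REJECTED: application not authenticated"
        return "OK: " + apdu.hex()

class JAM:
    """Application running means 33, stored in non-writable area 302."""
    def __init__(self, terminal_key: bytes, app_cert_pub=CA_PUB):
        self._terminal_key = terminal_key
        self._app_cert_pub = app_cert_pub        # CA public key from the application certificate
        self.access_enabled = False

    def authenticate_terminal(self, card: SecureDevice) -> bool:
        """Stage 1, step (1): mutual challenge-response; success enables card access."""
        card_challenge, my_challenge = card.get_challenge(), secrets.token_bytes(16)
        answer = card.external_authenticate(_mac(self._terminal_key, b"JAM>card", card_challenge), my_challenge)
        expected = _mac(self._terminal_key, b"card>JAM", my_challenge)
        self.access_enabled = answer is not None and hmac.compare_digest(expected, answer)
        return self.access_enabled

    def request_access(self, card: SecureDevice, app_bytes: bytes, signature: int, apdu: bytes) -> str:
        """Steps (2-1) to (3) for one access request from Java application 31."""
        if not self.access_enabled:
            return "REJECTED: no card session"
        digest = app_digest(app_bytes)                                     # (2-2)
        if not signature_matches(digest, signature, self._app_cert_pub):
            return "REJECTED: signature check failed in JAM"
        if not card.present_application(digest, signature):               # (2-3)
            return "REJECTED: signature check failed in card"
        return card.command(apdu)                                          # (3)

def run_scenarios() -> dict:
    """Constructed scenarios exercising the coupling of the three stages."""
    app = b"class TicketApp { /* constructed application bytes */ }"
    sig, key, apdu = ca_sign(app), secrets.token_bytes(32), bytes.fromhex("00B0000010")
    r = {}
    card, jam = SecureDevice(key), JAM(key)
    jam.authenticate_terminal(card)
    r["genuine"] = jam.request_access(card, app, sig, apdu)
    r["tampered_app"] = jam.request_access(card, app + b"\x00", sig, apdu)
    card, jam = SecureDevice(key), JAM(secrets.token_bytes(32))        # stage 1 fails
    jam.authenticate_terminal(card)
    r["wrong_terminal_key"] = jam.request_access(card, app, sig, apdu)
    r["direct_command_without_stage1"] = card.command(apdu)
    r["forged_at_card"] = SecureDevice(key).present_application(app_digest(app + b"x"), sig)
    card, jam = SecureDevice(key, route_cert_pub=None), JAM(key)       # third embodiment
    jam.authenticate_terminal(card)
    r["third_embodiment"] = jam.request_access(card, app, sig, apdu)
    return r
```

`run_scenarios()` shows the two points the coupling depends on: a tampered application fails the JAM's check and, if a JAM forwarded it anyway, fails the card's independent check in the first embodiment; and a JAM that cannot complete stage 1 never gets the flag set, so the card rejects even a correctly signed application. In the third embodiment the card has no way to detect a JAM that skipped its check, which is why that embodiment rests entirely on the trust established in stage 1.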
(second embodiment)
The second embodiment of the invention is an application authentication system comprising a secure device that is shipped with authentication information identifying an application already stored in it, and a mobile terminal device on which that application runs.
The secure device is built in combination with the application downloaded to the mobile terminal device in order to realise various services; for example, if the "electronic ticket application" of Fig. 8 is downloaded to the mobile terminal device 30, the secure device 10 is the secure device for electronic tickets.
Fig. 4 shows schematically the secure device 10 and the mobile terminal device 30 that make up this system. The Java (registered trademark) application 31 stored in the user writable area 301 of the mobile terminal device 30 carries no signature, so no application certificate is input to the JAM 33. Instead, application authentication information identifying the Java application 31, such as digest data 15, is stored in the secure device 10 in advance. The rest of the configuration is the same as in the first embodiment.
Arrows in Fig. 3 indicate the authentication process of this system.
When the secure device 10 is fitted to the mobile terminal device 30, the card manager 13 of the secure device 10 performs mutual authentication with the JAM 33 of the mobile terminal device 30 (1), as in the first embodiment. If mutual authentication is established, the card manager 13 sets the mutual-authentication-passed flag in the secure device 10. Also, once mutual authentication is established, the JAM 33 of the mobile terminal device 30 enables the function for accessing the secure device 10, and the Java application 31 requests the JAM 33 for access to the secure device 10 (2-1).
On accepting this request, the JAM 33 applies a hash operation to the data of the Java application 31 to generate digest data (2-2), and passes the digest data to the card application 11 of the secure device 10 (2-3). The card application 11 checks from the mutual-authentication-passed flag that device authentication by the card manager 13 has completed, then compares the digest data received from the JAM 33 with the digest data 15 held secretly in the secure device 10, and returns the authentication result to the JAM 33 (2-4). When the JAM 33 learns that the Java application 31 has been authenticated, it executes the access request sent by the Java application 31 and transfers the command to the card application 11 (3).
In this way, the application authentication system needs no electronic signature on the application (although one may of course still be provided), so the system can be simplified.
Moreover, in a system where the operator attaches the signature, the operator's control cannot be eliminated. By contrast, in a system that needs no application signature, business can be conducted without operator involvement. Therefore, once a system for downloading the application is ready and secure devices with the application authentication information embedded in each have been distributed to users, the service can start immediately.
As concrete methods for process (2-3), in which the application running means presents the data for authenticating the application (the digest data) to the secure device, the following may be considered. One technique reuses the existing command for verifying a PIN and presents the application authentication data in place of the PIN. Another reuses the existing challenge-and-response commands of the IC card's external authentication scheme, obtaining a challenge and presenting data computed with the application authentication data in place of the external authentication key. Other techniques are also possible.
In the latter case, consider a common challenge-response scheme in which device B authenticates device A. Device A sends a get-challenge request to device B as the trigger of the challenge-response processing; device B returns to device A first information, which is either information held in advance or information generated arbitrarily (a random number or the like); device A encrypts the first information with a key held in advance (private information A) and sends the encrypted information to device B (external authentication); device B decrypts the encrypted information with a key held in advance (private information B, corresponding to private information A) and decides whether the decrypted information matches the first information. When this scheme is applied to the present invention, device A corresponds to the application running means 33 and device B to the card application 11. Since device A has no area in which data can be kept safely, the digest data generated by the application running means 33 is used in place of private information A, and the digest data 15 held in advance by the secure device is used in place of private information B corresponding to private information A.
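The two ways of presenting the digest described above, as an added Python example that is not from the patent: a VERIFY-style command carrying the digest in place of a PIN, and GET CHALLENGE followed by EXTERNAL AUTHENTICATE with the digest in place of the external authentication key. The card application holds digest data 15; stage 1 is assumed to have already set the mutual-authentication-passed flag, which is passed in as a boolean. The description says device A encrypts the challenge with its key; this example substitutes an HMAC-SHA256 tag keyed with the digest, a keyed-hash stand-in that keeps the example dependency-free. The command names, the 8-byte challenge length and the sample APDU are assumptions.

```python
import hashlib
import hmac
import secrets

def app_digest(app_bytes: bytes) -> bytes:
    """Digest data computed by JAM 33 over the application's bytes (2-2)."""
    return hashlib.sha256(app_bytes).digest()

class CardApplication:
    """Card application 11 of the second embodiment: holds digest data 15 in
    secret and has neither a signature nor a CA certificate to check."""
    def __init__(self, stored_digest: bytes, mutual_auth_flag: bool):
        self._stored_digest = stored_digest       # digest data 15, written before shipment
        self.mutual_auth_flag = mutual_auth_flag  # set by card manager 13 in step (1)
        self._challenge = None
        self.app_authenticated = False

    # Method 1: the existing PIN VERIFY command, with the digest in place of the PIN
    def verify(self, presented_digest: bytes) -> bool:
        if not self.mutual_auth_flag:
            return False
        self.app_authenticated = hmac.compare_digest(self._stored_digest, presented_digest)
        return self.app_authenticated

    # Method 2: GET CHALLENGE / EXTERNAL AUTHENTICATE, with the digest as the key
    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(8)
        return self._challenge

    def external_authenticate(self, cryptogram: bytes) -> bool:
        if not self.mutual_auth_flag or self._challenge is None:
            return False
        expected = hmac.new(self._stored_digest, self._challenge, "sha256").digest()
        self._challenge = None                    # one challenge, one attempt: no replay
        self.app_authenticated = hmac.compare_digest(expected, cryptogram)
        return self.app_authenticated

    def command(self, apdu: bytes) -> str:
        """Step (3): accept a command only after the flag and the digest check."""
        if not (self.mutual_auth_flag and self.app_authenticated):
            return "REJECTED"
        return "OK: " + apdu.hex()

class JAM:
    """Application running means 33 (device A): reads the application bytes and
    presents the authentication data on behalf of Java application 31."""
    @staticmethod
    def present_by_verify(card: CardApplication, app_bytes: bytes) -> bool:
        return card.verify(app_digest(app_bytes))

    @staticmethod
    def present_by_challenge(card: CardApplication, app_bytes: bytes) -> bytes:
        """Device A side of the challenge-response; returns the cryptogram it sent."""
        challenge = card.get_challenge()
        cryptogram = hmac.new(app_digest(app_bytes), challenge, "sha256").digest()
        card.external_authenticate(cryptogram)
        return cryptogram

def run_scenarios() -> dict:
    """Constructed scenarios for both presentation methods."""
    app = b"class TicketApp { /* constructed application bytes */ }"
    digest15 = app_digest(app)                    # what the issuer embedded in the card
    apdu = bytes.fromhex("00B0000010")
    r = {}
    card = CardApplication(digest15, mutual_auth_flag=True)
    JAM.present_by_verify(card, app)
    r["verify_genuine"] = card.command(apdu)
    card = CardApplication(digest15, mutual_auth_flag=True)
    JAM.present_by_verify(card, app + b"\x00")
    r["verify_tampered"] = card.command(apdu)
    card = CardApplication(digest15, mutual_auth_flag=False)   # step (1) never completed
    JAM.present_by_verify(card, app)
    r["verify_no_terminal_auth"] = card.command(apdu)
    card = CardApplication(digest15, mutual_auth_flag=True)
    old_cryptogram = JAM.present_by_challenge(card, app)
    r["challenge_genuine"] = card.command(apdu)
    card = CardApplication(digest15, mutual_auth_flag=True)
    card.get_challenge()                          # fresh challenge
    card.external_authenticate(old_cryptogram)    # recorded cryptogram replayed
    r["challenge_replayed"] = card.command(apdu)
    return r
```

Because the application sits in the user writable area, anyone who holds it can compute the same digest, so the digest is not a secret: the comparison tells the card which application the trusted JAM is acting for, and the authorisation itself still rests on the flag set in step (1). The challenge-response variant additionally discards each challenge after one use, so a cryptogram recorded on the interface cannot be replayed against a later challenge.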
(Third Embodiment)
In the third embodiment of the invention, an application authentication system is explained in which the secure device entrusts the application execution device in the mobile terminal device with authenticating applications by their electronic signatures, and then accepts that authentication result.
Fig. 6 shows, in principle, the secure device 10 and the mobile terminal device 30 that make up this system. The secure device 10 has no signature-verification authentication route of its own. The rest of the configuration is unchanged from the first embodiment.
The authentication process in this system is indicated by the arrows in Fig. 5.
When the secure device 10 is attached to the mobile terminal device 30, the card manager 13 of the secure device 10 performs cross-authentication (1) with the JAM 33 of the mobile terminal device 30, as in the first embodiment. If cross-authentication is established, the card manager 13 sets a cross-authentication path flag in the secure device 10 indicating success. Likewise, if cross-authentication with the secure device 10 is established, the JAM 33 of the mobile terminal device 30 enables its function for accessing the secure device 10, and the Java (registered trademark) application 31 requests access to the secure device 10 from the JAM 33 (2-1). On receiving this request, the JAM 33 verifies the electronic signature 34 of the Java application 31 with the public key contained in the application's authorization data, and thereby authenticates the Java application 31 (2-2). This authentication of the Java application 31 by the JAM 33 closely resembles the one explained in the first embodiment.
Once the Java application 31 has been authenticated, the JAM 33 executes the access request sent from the Java application 31 and transfers the command to the card application 11 (3). The card application 11 of the secure device 10 confirms by the cross-authentication path flag that the device authentication by the card manager 13 has been completed, and then accepts the command. In this way, in this application authentication system, when the secure device has cross-authenticated with the Java (registered trademark) runtime environment (the application execution device) stored in the non-writable area of the mobile terminal device, the secure device trusts the application authentication result that the application execution device obtained through the electronic signature, and authenticates the application on that basis.
In this application authentication system, the existing standard scheme for attaching signatures to applications (J2SE and the like) can be used as it is. A system that already uses this scheme to attach signatures to applications can therefore be ported to the system of this embodiment without difficulty. Furthermore, compared with the second embodiment, in this system the parties with authority to attach signatures to applications, such as operators, can control the business.
Here, as shown in each embodiment, secure devices come in two types: the program-application type, in which a card application controls access to the stored data, and the file-application type, in which a security condition required for accessing each stored file is defined. In the latter type of secure device, as shown in Fig. 7, when the Java (registered trademark) runtime environment has passed authentication by the card manager, the secure device allows the Java runtime environment to access the EFs (elementary files) under the DF (dedicated file) it selects. And when an application has been authenticated by the system of each embodiment, the security condition can be set so that the secure device allows the application to access the EFs under the DF it selects.
Here, it cannot be ruled out that, even after the secure device has authenticated the application execution device, a malicious person might pose as the application execution device and send commands to the secure device, for example signals sent through the port of the secure device seated in the fixing portion of the terminal device, disguised as coming from the application execution device. To prevent such impersonation, it is preferable to provide a system that can confirm that a command really was sent by the application execution device. The following system can be considered.
Specifically, in the process (1) in which the card manager 13 authenticates the application execution device 33, some information may be sent from the card manager 13 to the application execution device 33 so that both devices share it, or, if common information is held (or generated) on both devices, that information is stored. Call this information the second information. The second information is then also attached in process (3), where the access request is issued from the application execution device 33 to the card application 11. The card application 11 accepts only those access requests to which the second information is attached; if the second information is missing, the card application 11 treats the access as impersonation or other improper access and does not accept it. Here "attaching the second information" means either appending the second information to the access request, or encrypting all or part of the access request with the second information, as it is or after processing it.
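The following added Python example (not the patent's own code) models the second-information check: a card manager that, once cross-authentication is assumed to have completed, sets the path flag and issues the second information; an application execution device that attaches it to every access request as an HMAC tag; and a card application that rejects any request lacking a valid tag. It goes beyond the text in one respect, a per-request counter so that a captured request cannot be replayed; the text only requires that the second information be present. All names and the stored data are constructed.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple


class CardManager:
    """Card manager 13. Once cross-authentication (process (1)) has succeeded it sets the
    cross-authentication path flag and issues the second information shared with the
    application execution device."""

    def __init__(self) -> None:
        self.cross_auth_flag = False
        self.second_information: Optional[bytes] = None

    def complete_cross_authentication(self) -> bytes:
        # The cross-authentication exchange itself is out of scope here and assumed successful.
        self.cross_auth_flag = True
        self.second_information = os.urandom(16)
        return self.second_information


def request_tag(second_information: bytes, counter: int, request: bytes) -> bytes:
    """One way to 'attach the second information': a keyed MAC over counter and request."""
    return hmac.new(second_information, struct.pack(">I", counter) + request,
                    hashlib.sha256).digest()


class CardApplication:
    """Card application 11. Accepts an access request only when the path flag is set and the
    request carries a valid tag under the second information."""

    def __init__(self, manager: CardManager) -> None:
        self._manager = manager
        self._last_counter = 0
        self._data = {b"balance": b"100"}  # constructed stored data

    def handle(self, request: bytes, counter: int, tag: bytes) -> Tuple[bool, Optional[bytes]]:
        if not self._manager.cross_auth_flag or self._manager.second_information is None:
            return False, None          # device authentication never completed
        if counter <= self._last_counter:
            return False, None          # replay of an already-accepted request (added check)
        expected = request_tag(self._manager.second_information, counter, request)
        if not hmac.compare_digest(tag, expected):
            return False, None          # not from the execution device: treated as impersonation
        self._last_counter = counter
        return True, self._data.get(request)


class ApplicationExecutionDevice:
    """Application execution device 33 (the JAM). Keeps the second information received in (1)
    and attaches it to every access request it forwards in (3)."""

    def __init__(self) -> None:
        self._second_information: Optional[bytes] = None
        self._counter = 0

    def receive_second_information(self, info: bytes) -> None:
        self._second_information = info

    def build_request(self, request: bytes) -> Tuple[bytes, int, bytes]:
        if self._second_information is None:
            raise RuntimeError("cross-authentication not completed")
        self._counter += 1
        return request, self._counter, request_tag(self._second_information, self._counter, request)
```

A request injected at the card's port by a party that never took part in process (1) carries no valid tag and is refused, which is exactly the impersonation case the passage above is concerned with.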
As is evident from the above explanation, the application authentication system of the present invention makes it feasible for a secure device to authenticate an application executed on a terminal device that has no area for concealing security information. An application on the terminal device can therefore access data held in the secure device attached to the terminal device, which makes advanced processing practicable.

Claims (4)

1. A terminal comprising:
an application storage unit in which at least one application is stored;
an application execution environment which verifies and executes said application;
an OS (operating system) which verifies and invokes said application execution environment;
a BIOS (Basic Input/Output System) which verifies and invokes said OS; and
a secure device which verifies said BIOS;
wherein said application execution environment sends information including a hash of said application to said secure device, and said secure device verifies the validity of said information including the hash of said application.
2. The terminal as claimed in claim 1, wherein said application requests access to data held by said secure device, and when said secure device does not verify said information, said secure device refuses said access.
3. A method of verifying an application on a terminal, comprising the steps of:
verifying a BIOS (Basic Input/Output System) by a secure device;
verifying and invoking an OS (operating system) by the BIOS;
verifying and invoking an application execution environment by the OS;
verifying and executing, by the application execution environment, an application stored in an application storage unit of said terminal;
sending, by said application execution environment, information including a hash of said application to said secure device; and
verifying, by said secure device, the validity of the received information including the hash of said application.
4. The method as claimed in claim 3, further comprising:
requesting, from said application, access to data held by said secure device; and
refusing said access when said secure device fails to verify said information.
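As an added illustration of the chain in claims 1 to 4 (not code from the patent), the Python below models each stage verifying the next by hash before invoking it, the execution environment reporting the application hash to the secure device, and the secure device refusing data access when it cannot verify that report. Image bytes, reference hashes and the stored data are constructed; the verification method (SHA-256 comparison against provisioned reference hashes) is an assumption, since the claims say only that each stage "verifies" the next.

```python
import hashlib


def measure(image: bytes) -> bytes:
    """Hash an image; the hash is what each stage checks before invoking the next."""
    return hashlib.sha256(image).digest()


# Constructed stand-ins for the real firmware, OS, execution environment and applications.
BIOS_IMAGE = b"bios-v2"
OS_IMAGE = b"os-kernel-v5"
AEE_IMAGE = b"java-runtime-v1"
APP_IMAGE = b"midlet-bank-v1"
UNTRUSTED_APP = b"midlet-game-v1"   # accepted by the execution environment, unknown to the secure device

# Reference hashes each verifying stage is assumed to have been provisioned with.
BIOS_EXPECTED_OS = measure(OS_IMAGE)
OS_EXPECTED_AEE = measure(AEE_IMAGE)
AEE_ALLOWED_APPS = {measure(APP_IMAGE), measure(UNTRUSTED_APP)}


class SecureDevice:
    """Secure device: verifies the BIOS, and later the application hash reported by the
    execution environment, before releasing its stored data (claims 1 and 2)."""

    def __init__(self, expected_bios: bytes, allowed_apps: set) -> None:
        self._expected_bios = expected_bios
        self._allowed_apps = allowed_apps
        self.bios_verified = False
        self.app_verified = False
        self._data = {"account": "0123-4567"}  # constructed stored data

    def verify_bios(self, bios_image: bytes) -> bool:
        self.bios_verified = measure(bios_image) == self._expected_bios
        return self.bios_verified

    def verify_application_info(self, info: dict) -> bool:
        # The report is only meaningful if the chain that produced it was anchored in this device.
        self.app_verified = self.bios_verified and info.get("hash") in self._allowed_apps
        return self.app_verified

    def read(self, key: str):
        if not self.app_verified:
            return None          # access refused (claims 2 and 4)
        return self._data.get(key)


def boot_and_run(secure_device: SecureDevice, bios: bytes, os_img: bytes,
                 aee: bytes, app: bytes) -> dict:
    """Walk the chain of claim 3; each stage verifies the next before invoking it."""
    result = {"stage_reached": None, "data": None}
    if not secure_device.verify_bios(bios):          # secure device verifies BIOS
        return result
    result["stage_reached"] = "bios"
    if measure(os_img) != BIOS_EXPECTED_OS:          # BIOS verifies OS
        return result
    result["stage_reached"] = "os"
    if measure(aee) != OS_EXPECTED_AEE:              # OS verifies execution environment
        return result
    result["stage_reached"] = "aee"
    app_hash = measure(app)
    if app_hash not in AEE_ALLOWED_APPS:             # execution environment verifies application
        return result
    result["stage_reached"] = "app"
    # Execution environment sends information including the application hash to the secure device.
    secure_device.verify_application_info({"hash": app_hash, "name": app.decode()})
    result["data"] = secure_device.read("account")   # the application's access request
    return result
```

The third test case below is the one claim 2 is about: the execution environment accepts the application, but the secure device does not recognise the reported hash and refuses the data, so the decision does not rest on the terminal alone.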
CNA2008101441241A | Priority date 2003-02-28 | Filing date 2004-02-26 | Terminal device, secure device and application authentication system | Pending | CN101329787A (en)

Applications Claiming Priority (2)

Application Number | Priority Date | Filing Date | Title
JP2003053362A (JP4067985B2, en) | 2003-02-28 | 2003-02-28 | Application authentication system and device
JP053362/03 | 2003-02-28 | |

Related Parent Applications (1)

Application Number | Title | Priority Date | Filing Date
CNB2004100067686A (Division; CN100419737C, en) | Application authentication system, secure device, and terminal device | 2003-02-28 | 2004-02-26

Publications (1)

Publication Number | Publication Date
CN101329787A (true) | 2008-12-24

Family

ID=32767845

Family Applications (2)

Application Number | Title | Priority Date | Filing Date
CNA2008101441241A (Pending; CN101329787A, en) | Terminal device, secure device and application authentication system | 2003-02-28 | 2004-02-26
CNB2004100067686A (Expired - Fee Related; CN100419737C, en) | Application authentication system, secure device, and terminal device | 2003-02-28 | 2004-02-26

Family Applications After (1)

Application Number | Title | Priority Date | Filing Date
CNB2004100067686A (Expired - Fee Related; CN100419737C, en) | Application authentication system, secure device, and terminal device | 2003-02-28 | 2004-02-26

Country Status (5)

Country | Link
US (1) | US7512802B2 (en)
EP (2) | EP1457936B1 (en)
JP (1) | JP4067985B2 (en)
CN (2) | CN101329787A (en)
DE (1) | DE602004009489D1 (en)

Also Published As

Publication Number | Publication Date
EP1860620A3 | 2009-03-18
CN1542645A | 2004-11-03
EP1457936A3 | 2004-10-20
JP4067985B2 | 2008-03-26
JP2004265026A | 2004-09-24
EP1457936B1 | 2007-10-17
DE602004009489D1 | 2007-11-29
EP1860620A2 | 2007-11-28
US20040172542A1 | 2004-09-02
US7512802B2 | 2009-03-31
EP1457936A2 | 2004-09-15
CN100419737C | 2008-09-17

Legal Events

Code | Title
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C02 | Deemed withdrawal of patent application after publication (patent law 2001)
WD01 | Invention patent application deemed withdrawn after publication

Application publication date: 2008-12-24